c883e0f09a202c35acaba5a1a9c313f0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c883e0f09a202c35acaba5a1a9c313f0_JaffaCakes118
Size

1.2MB
MD5

c883e0f09a202c35acaba5a1a9c313f0
SHA1

28c4a503f5bf6319dd13b9f11a1073c32744b7c8
SHA256

c162af824ee2fc1aff74ef588dcaaf5527ffdc640fc51091f1f98303ff3ec24e
SHA512

6dec8dd1982b9da51a9328e64b5003ef0d4aff07222e91cf67fae6c431603876e25f8a6b67a05f8d8b204ed626a9d120bb9dbe0dc80ef5b9125dfd048170a4eb
SSDEEP

24576:rZGbVQIrHFbIwcVG00IY7Zg4yUsPL5jz9DI+082y/:A2IpHcVfzY7JALREy/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c883e0f09a202c35acaba5a1a9c313f0_JaffaCakes118

Files

c883e0f09a202c35acaba5a1a9c313f0_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

388d7df7e9717fc2a06d5517c371a9e4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ole32.pdb

Imports

advapi32

RegQueryValueExA
RegQueryValueA
AccessCheck
LookupAccountNameW
RegOpenKeyExA
RegCreateKeyExW
RegEnumValueW
RegEnumKeyA
RegDeleteKeyA
DuplicateEncryptionInfoFile
AllocateLocallyUniqueId
RegSetValueExW
RegDeleteKeyW
RegSetValueW
RegQueryValueExW
RegQueryValueW
RegCloseKey
RegOpenKeyExW
InstallApplication
RegOpenKeyA
RegOpenKeyW
SetThreadToken
OpenThreadToken
AccessCheckByType
GetSecurityDescriptorDacl
EqualSid
GetTokenInformation
RevertToSelf
ImpersonateAnonymousToken
GetSecurityDescriptorLength
DuplicateToken
OpenProcessToken
CryptReleaseContext
CryptAcquireContextW
IsValidSecurityDescriptor
GetLengthSid
LookupAccountSidW
LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
LsaOpenPolicy
MakeSelfRelativeSD
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
CopySid
SetSecurityDescriptorDacl
FreeSid
AddAccessAllowedAce
InitializeAcl
AllocateAndInitializeSid
InitializeSecurityDescriptor
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegEnumKeyW
GetAce
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
RegOpenUserClassesRoot
CommandLineFromMsiDescriptor
RegQueryInfoKeyW
RegSetValueA
RegDeleteValueW
RegQueryInfoKeyA
RegNotifyChangeKeyValue

gdi32

SetMetaFileBitsEx
GetEnhMetaFileBits
DeleteEnhMetaFile
SetEnhMetaFileBits
GetPaletteEntries
CreatePalette
GetObjectType
CopyMetaFileW
SetBitmapBits
SetBitmapDimensionEx
GetBitmapDimensionEx
CopyEnhMetaFileW
GetDeviceCaps
ExtTextOutA
SetTextAlign
GetTextExtentPointA
SelectObject
SetBkMode
SetTextColor
Escape
SetWindowExtEx
SetWindowOrgEx
SetMapMode
GetTextMetricsA
CreateFontIndirectW
CloseMetaFile
CreateMetaFileA
SelectPalette
PlayMetaFileRecord
EnumMetaFile
CreateMetaFileW
RestoreDC
GetStockObject
SetViewportExtEx
SetViewportOrgEx
LPtoDP
PlayEnhMetaFile
CloseEnhMetaFile
PlayMetaFile
CreateEnhMetaFileW
GetGraphicsMode
IntersectClipRect
SaveDC
GetEnhMetaFileHeader
PlayEnhMetaFileRecord
DeleteDC
SetWinMetaFileBits
CreateCompatibleDC
GetWinMetaFileBits
GetEnhMetaFilePaletteEntries
EnumEnhMetaFile
StretchDIBits
RealizePalette
GetDIBits
CreateDIBitmap
GetBitmapBits
DeleteObject
CreateBitmap
GetMetaFileBitsEx
GetObjectW
DeleteMetaFile

kernel32

GetDriveTypeW
GetFullPathNameW
GetFileAttributesW
InterlockedIncrement
GetThreadLocale
InterlockedDecrement
GetLastError
GetProcAddress
LoadLibraryA
CloseHandle
SetEvent
ResetEvent
CreateEventW
InterlockedCompareExchange
FreeLibrary
LoadLibraryW
CreateFileW
lstrcmpiW
GetFileAttributesExW
IsBadWritePtr
WideCharToMultiByte
AreFileApisANSI
IsDBCSLeadByte
MultiByteToWideChar
lstrcmpW
GlobalUnlock
GlobalLock
lstrcatW
lstrcpyW
GetCurrentThreadId
SleepEx
GetModuleHandleExW
GetSystemWindowsDirectoryW
GetTickCount
GetProcessHeap
HeapAlloc
HeapValidate
HeapFree
HeapSize
HeapCompact
HeapReAlloc
InterlockedExchange
lstrlenA
WaitForSingleObject
OpenEventA
FindClose
FindFirstFileW
GetModuleFileNameW
LocalAlloc
LocalFree
AddRefActCtx
IsBadReadPtr
WaitForSingleObjectEx
DuplicateHandle
GetCurrentThread
GetCurrentProcess
Sleep
GetModuleHandleW
GetComputerNameW
DebugBreak
GetCurrentProcessId
FindActCtxSectionGuid
WaitForMultipleObjectsEx
InitializeCriticalSectionAndSpinCount
CreateThread
CreateActCtxW
LoadLibraryExW
DeactivateActCtx
ActivateActCtx
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsDebuggerPresent
lstrcpynW
GetCurrentActCtx
CreateEventA
FreeLibraryAndExitThread
WriteProfileStringW
GetProfileStringW
UnhandledExceptionFilter
RaiseException
OutputDebugStringW
ReadFile
SetFilePointer
GetStringTypeW
SetLastError
MapViewOfFileEx
CreateFileMappingW
MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
ProcessIdToSessionId
LoadLibraryExA
ExpandEnvironmentStringsW
FindActCtxSectionStringW
GetSystemDirectoryW
GetSystemWow64DirectoryW
SearchPathW
FileTimeToDosDateTime
DosDateTimeToFileTime
SystemTimeToFileTime
GetSystemTime
GetLocaleInfoA
GetSystemInfo
OutputDebugStringA
CreateSemaphoreW
ReleaseSemaphore
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
TerminateProcess
IsProcessorFeaturePresent
GlobalFree
GlobalAlloc
GlobalSize
GlobalGetAtomNameW
GlobalDeleteAtom
GlobalGetAtomNameA
CreateProcessW
GlobalAddAtomW
GlobalAddAtomA
GlobalFindAtomW
GlobalReAlloc
LocalUnlock
LocalLock
GlobalFindAtomA
DeleteFileW
MulDiv
GetTempFileNameW
GetWindowsDirectoryW
GetTempPathW
GetOverlappedResult
SetFileTime
lstrlenW
OpenProcess
LockFile
UnlockFile
GetFileTime
FlushViewOfFile
GlobalMemoryStatus
GetFileSize
FlushFileBuffers
VirtualAlloc
WriteFile
PulseEvent
GetFileType
InitializeCriticalSection
IsBadHugeWritePtr
IsBadHugeReadPtr
GetFileInformationByHandle
GetExitCodeThread
DeviceIoControl
GetUserDefaultLCID
GetACP
CreateFileMappingA
CompareStringA
CompareStringW
GetSystemDefaultLCID
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
ReleaseActCtx
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
InterlockedExchangeAdd
IsBadStringPtrW
GetShortPathNameW
SetEndOfFile

msvcrt

wcschr
memmove
wcstoul
_wcsnicmp
wcslen
_wtoi
wcsncmp
_wtol
wcsstr
wcstol
wcscpy
wcsncpy
_wcsicmp
_local_unwind2
_vsnprintf
swprintf
wcscat
strcspn
_ftol
qsort
free
_initterm
malloc
_adjust_fdiv
__dllonexit
_onexit
_except_handler3

ntdll

RtlInitializeCriticalSectionAndSpinCount
RtlDeleteCriticalSection
NtQuerySystemInformation
NtSetInformationFile
RtlCompareMemory
RtlCheckForOrphanedCriticalSections
RtlCopySid
RtlLengthSid
NtQueryInformationToken
RtlNtStatusToDosError
NtOpenKey
RtlInitUnicodeString
ZwClose
ZwDeleteKey
ZwDeleteValueKey
RtlCompareUnicodeString
ZwOpenKey
ZwCreateKey
ZwEnumerateKey
ZwQueryValueKey
RtlWriteRegistryValue
RtlAnsiStringToUnicodeString
NtQueryObject
NtQueryVolumeInformationFile
NtQueryInformationFile
NtMapViewOfSection
RtlRaiseStatus
NtCreateFile
RtlGetCurrentDirectory_U
NtClose
RtlFreeHeap
RtlDosPathNameToNtPathName_U
RtlInitializeCriticalSection

rpcrt4

RpcAsyncCompleteCall
RpcServerUseProtseqExW
RpcServerUseProtseqEpExW
RpcServerUseProtseqW
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerInqBindings
RpcBindingVectorFree
RpcSmDestroyClientContext
RpcErrorStartEnumeration
RpcErrorGetNextRecord
RpcErrorEndEnumeration
I_RpcGetBufferWithObject
RpcRaiseException
I_RpcAsyncAbortCall
I_RpcSendReceive
I_RpcReceive
I_RpcSend
I_RpcAsyncSetHandle
I_RpcGetBuffer
RpcBindingFree
RpcBindingCopy
RpcBindingFromStringBindingW
RpcBindingSetOption
RpcServerUnregisterIf
RpcServerRegisterIf2
RpcBindingInqObject
RpcBindingSetAuthInfoExW
RpcServerRegisterAuthInfoW
RpcCertGeneratePrincipalNameW
RpcBindingInqAuthClientW
I_RpcBindingInqLocalClientPID
RpcImpersonateClient
RpcRevertToSelfEx
RpcBindingToStringBindingW
RpcStringBindingParseW
I_RpcBindingInqTransportType
RpcBindingInqAuthInfoExW
RpcStringFreeW
RpcAsyncInitializeHandle
RpcCancelThreadEx
RpcMgmtSetCancelTimeout
RpcAsyncCancelCall
RpcAsyncGetCallStatus
RpcServerTestCancel
I_RpcFreeBuffer
UuidCreate
NdrClientCall2
RpcMgmtSetComTimeout
RpcMgmtInqComTimeout
MesHandleFree
MesEncodeFixedBufferHandleCreate
NdrMesTypeAlignSize2
NdrMesTypeEncode2
NdrMesTypeDecode2
NdrOutInit
MesBufferHandleReset
NdrGetSimpleTypeBufferSize
NdrGetSimpleTypeBufferAlignment
NdrCorrelationInitialize
NdrStubInitialize
NdrStubCall2
NdrpMemoryIncrement
NdrGetSimpleTypeMemorySize
NdrProxyFreeBuffer
NdrClearOutParameters
NdrProxyErrorHandler
NdrConvert2
NdrProxySendReceive
NdrTypeMarshall
NdrProxyGetBuffer
NdrTypeSize
NdrProxyInitialize
NdrpCreateStub
NdrpCreateProxy
NdrGetTypeFlags
NdrTypeFree
NdrStubGetBuffer
NdrClientInitializeNew
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrCStdStubBuffer_Release
NdrpReleaseTypeFormatString
NdrpReleaseTypeGenCookie
NdrpVarVtOfTypeDesc
NdrpGetTypeFormatString
NdrpGetProcFormatString
NdrpGetTypeGenCookie
NdrGetUserMarshalInfo
NdrDllRegisterProxy
NdrDcomAsyncClientCall
NdrAsyncServerCall
NdrServerCall2
NdrTypeUnmarshall
MesDecodeBufferHandleCreate
RpcErrorAddRecord
NdrUnmarshallBasetypeInline

user32

IsCharAlphaNumericW
IsCharAlphaW
DestroyIcon
LoadIconW
SystemParametersInfoW
GetSystemMetrics
SetRectEmpty
DrawIcon
GetSysColor
CharPrevA
GetDC
ReleaseDC
InSendMessage
ReplyMessage
SetWindowsHookExW
CallNextHookEx
CallWindowProcW
GetMenuState
UnhookWindowsHookEx
SetFocus
GetSubMenu
GetMenuItemID
CopyAcceleratorTableW
WindowFromPoint
GetParent
GetCursor
GetCursorPos
ScreenToClient
WaitMessage
IsIconic
GetKeyState
LoadCursorW
SetCursor
CountClipboardFormats
GetOpenClipboardWindow
EnumClipboardFormats
GetClipboardData
SetCapture
GetClipboardOwner
EmptyClipboard
CloseClipboard
OpenClipboard
SetPropW
GetPropW
RemovePropW
SetClipboardData
GetClipboardSequenceNumber
IsClipboardFormatAvailable
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatA
GetClipboardFormatNameA
GetWindowWord
SetWindowWord
GetClassNameW
GetWindow
FreeDDElParam
WaitForInputIdle
PackDDElParam
CreateWindowExA
UnpackDDElParam
CharUpperA
RegisterClipboardFormatW
GetClipboardFormatNameW
RegisterClassW
UnregisterClassW
SetTimer
GetMessageW
KillTimer
IsChild
PostThreadMessageW
wsprintfA
IsWindow
DefWindowProcW
CreateWindowExW
GetWindowThreadProcessId
GetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationW
MsgWaitForMultipleObjectsEx
GetQueueStatus
MessageBeep
InSendMessageEx
AllowSetForegroundWindow
PostMessageW
PostQuitMessage
CharLowerW
CreateDialogParamW
DialogBoxParamW
GetWindowLongW
SetWindowLongW
wsprintfW
CharUpperW
CharPrevW
SendDlgItemMessageW
SetDlgItemTextW
LoadStringW
MessageBoxW
GetDlgItem
SendMessageW
ShowWindow
DestroyWindow
SetWindowTextW
GetWindowRect
GetDesktopWindow
GetClientRect
MoveWindow
PeekMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
CharNextW
AttachThreadInput

Exports

Exports

BindMoniker
CLIPFORMAT_UserFree
CLIPFORMAT_UserMarshal
CLIPFORMAT_UserSize
CLIPFORMAT_UserUnmarshal
CLSIDFromOle1Class
CLSIDFromProgID
CLSIDFromProgIDEx
CLSIDFromString
CoAddRefServerProcess
CoAllowSetForegroundWindow
CoBuildVersion
CoCancelCall
CoCopyProxy
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoCreateInstance
CoCreateInstanceEx
CoCreateObjectInContext
CoDeactivateObject
CoDisableCallCancellation
CoDisconnectObject
CoDosDateTimeToFileTime
CoEnableCallCancellation
CoFileTimeNow
CoFileTimeToDosDateTime
CoFreeAllLibraries
CoFreeLibrary
CoFreeUnusedLibraries
CoFreeUnusedLibrariesEx
CoGetApartmentID
CoGetCallContext
CoGetCallerTID
CoGetCancelObject
CoGetClassObject
CoGetClassVersion
CoGetComCatalog
CoGetContextToken
CoGetCurrentLogicalThreadId
CoGetCurrentProcess
CoGetDefaultContext
CoGetInstanceFromFile
CoGetInstanceFromIStorage
CoGetInterceptor
CoGetInterceptorFromTypeInfo
CoGetInterfaceAndReleaseStream
CoGetMalloc
CoGetMarshalSizeMax
CoGetObject
CoGetObjectContext
CoGetPSClsid
CoGetProcessIdentifier
CoGetStandardMarshal
CoGetState
CoGetStdMarshalEx
CoGetSystemSecurityPermissions
CoGetTreatAsClass
CoImpersonateClient
CoInitialize
CoInitializeEx
CoInitializeSecurity
CoInitializeWOW
CoInstall
CoInvalidateRemoteMachineBindings
CoIsHandlerConnected
CoIsOle1Class
CoLoadLibrary
CoLockObjectExternal
CoMarshalHresult
CoMarshalInterThreadInterfaceInStream
CoMarshalInterface
CoPopServiceDomain
CoPushServiceDomain
CoQueryAuthenticationServices
CoQueryClientBlanket
CoQueryProxyBlanket
CoQueryReleaseObject
CoReactivateObject
CoRegisterChannelHook
CoRegisterClassObject
CoRegisterInitializeSpy
CoRegisterMallocSpy
CoRegisterMessageFilter
CoRegisterPSClsid
CoRegisterSurrogate
CoRegisterSurrogateEx
CoReleaseMarshalData
CoReleaseServerProcess
CoResumeClassObjects
CoRetireServer
CoRevertToSelf
CoRevokeClassObject
CoRevokeInitializeSpy
CoRevokeMallocSpy
CoSetCancelObject
CoSetProxyBlanket
CoSetState
CoSuspendClassObjects
CoSwitchCallContext
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoTestCancel
CoTreatAsClass
CoUninitialize
CoUnloadingWOW
CoUnmarshalHresult
CoUnmarshalInterface
CoWaitForMultipleHandles
ComPs_CStdStubBuffer_AddRef
ComPs_CStdStubBuffer_Connect
ComPs_CStdStubBuffer_CountRefs
ComPs_CStdStubBuffer_DebugServerQueryInterface
ComPs_CStdStubBuffer_DebugServerRelease
ComPs_CStdStubBuffer_Disconnect
ComPs_CStdStubBuffer_Invoke
ComPs_CStdStubBuffer_IsIIDSupported
ComPs_CStdStubBuffer_QueryInterface
ComPs_IUnknown_AddRef_Proxy
ComPs_IUnknown_QueryInterface_Proxy
ComPs_IUnknown_Release_Proxy
ComPs_NdrCStdStubBuffer2_Release
ComPs_NdrCStdStubBuffer_Release
ComPs_NdrClientCall2
ComPs_NdrClientCall2_va
ComPs_NdrDllCanUnloadNow
ComPs_NdrDllGetClassObject
ComPs_NdrDllRegisterProxy
ComPs_NdrDllUnregisterProxy
ComPs_NdrStubCall2
ComPs_NdrStubForwardingFunction
CreateAntiMoniker
CreateBindCtx
CreateClassMoniker
CreateDataAdviseHolder
CreateDataCache
CreateErrorInfo
CreateFileMoniker
CreateGenericComposite
CreateILockBytesOnHGlobal
CreateItemMoniker
CreateObjrefMoniker
CreateOleAdviseHolder
CreatePointerMoniker
CreateStdProgressIndicator
CreateStreamOnHGlobal
DcomChannelSetHResult
DllDebugObjectRPCHook
DllGetClassObject
DllGetClassObjectWOW
DllRegisterServer
DoDragDrop
EnableHookObject
FmtIdToPropStgName
FreePropVariantArray
GetClassFile
GetConvertStg
GetDocumentBitStg
GetErrorInfo
GetHGlobalFromILockBytes
GetHGlobalFromStream
GetHookInterface
GetRunningObjectTable
HACCEL_UserFree
HACCEL_UserMarshal
HACCEL_UserSize
HACCEL_UserUnmarshal
HBITMAP_UserFree
HBITMAP_UserMarshal
HBITMAP_UserSize
HBITMAP_UserUnmarshal
HBRUSH_UserFree
HBRUSH_UserMarshal
HBRUSH_UserSize
HBRUSH_UserUnmarshal
HDC_UserFree
HDC_UserMarshal
HDC_UserSize
HDC_UserUnmarshal
HENHMETAFILE_UserFree
HENHMETAFILE_UserMarshal
HENHMETAFILE_UserSize
HENHMETAFILE_UserUnmarshal
HGLOBAL_UserFree
HGLOBAL_UserMarshal
HGLOBAL_UserSize
HGLOBAL_UserUnmarshal
HICON_UserFree
HICON_UserMarshal
HICON_UserSize
HICON_UserUnmarshal
HMENU_UserFree
HMENU_UserMarshal
HMENU_UserSize
HMENU_UserUnmarshal
HMETAFILEPICT_UserFree
HMETAFILEPICT_UserMarshal
HMETAFILEPICT_UserSize
HMETAFILEPICT_UserUnmarshal
HMETAFILE_UserFree
HMETAFILE_UserMarshal
HMETAFILE_UserSize
HMETAFILE_UserUnmarshal
HPALETTE_UserFree
HPALETTE_UserMarshal
HPALETTE_UserSize
HPALETTE_UserUnmarshal
HWND_UserFree
HWND_UserMarshal
HWND_UserSize
HWND_UserUnmarshal
HkOleRegisterObject
IIDFromString
IsAccelerator
IsEqualGUID
IsValidIid
IsValidInterface
IsValidPtrIn
IsValidPtrOut
MkParseDisplayName
MonikerCommonPrefixWith
MonikerRelativePathTo
OleBuildVersion
OleConvertIStorageToOLESTREAM
OleConvertIStorageToOLESTREAMEx
OleConvertOLESTREAMToIStorage
OleConvertOLESTREAMToIStorageEx
OleCreate
OleCreateDefaultHandler
OleCreateEmbeddingHelper
OleCreateEx
OleCreateFromData
OleCreateFromDataEx
OleCreateFromFile
OleCreateFromFileEx
OleCreateLink
OleCreateLinkEx
OleCreateLinkFromData
OleCreateLinkFromDataEx
OleCreateLinkToFile
OleCreateLinkToFileEx
OleCreateMenuDescriptor
OleCreateStaticFromData
OleDestroyMenuDescriptor
OleDoAutoConvert
OleDraw
OleDuplicateData
OleFlushClipboard
OleGetAutoConvert
OleGetClipboard
OleGetIconOfClass
OleGetIconOfFile
OleInitialize
OleInitializeWOW
OleIsCurrentClipboard
OleIsRunning
OleLoad
OleLoadFromStream
OleLockRunning
OleMetafilePictFromIconAndLabel
OleNoteObjectVisible
OleQueryCreateFromData
OleQueryLinkFromData
OleRegEnumFormatEtc
OleRegEnumVerbs
OleRegGetMiscStatus
OleRegGetUserType
OleRun
OleSave
OleSaveToStream
OleSetAutoConvert
OleSetClipboard
OleSetContainedObject
OleSetMenuDescriptor
OleTranslateAccelerator
OleUninitialize
OpenOrCreateStream
ProgIDFromCLSID
PropStgNameToFmtId
PropSysAllocString
PropSysFreeString
PropVariantChangeType
PropVariantClear
PropVariantCopy
ReadClassStg
ReadClassStm
ReadFmtUserTypeStg
ReadOleStg
ReadStringStream
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop
SNB_UserFree
SNB_UserMarshal
SNB_UserSize
SNB_UserUnmarshal
STGMEDIUM_UserFree
STGMEDIUM_UserMarshal
STGMEDIUM_UserSize
STGMEDIUM_UserUnmarshal
SetConvertStg
SetDocumentBitStg
SetErrorInfo
StgConvertPropertyToVariant
StgConvertVariantToProperty
StgCreateDocfile
StgCreateDocfileOnILockBytes
StgCreatePropSetStg
StgCreatePropStg
StgCreateStorageEx
StgGetIFillLockBytesOnFile
StgGetIFillLockBytesOnILockBytes
StgIsStorageFile
StgIsStorageILockBytes
StgOpenAsyncDocfileOnIFillLockBytes
StgOpenPropStg
StgOpenStorage
StgOpenStorageEx
StgOpenStorageOnHandle
StgOpenStorageOnILockBytes
StgPropertyLengthAsVariant
StgSetTimes
StringFromCLSID
StringFromGUID2
StringFromIID
UpdateDCOMSettings
UtConvertDvtd16toDvtd32
UtConvertDvtd32toDvtd16
UtGetDvtd16Info
UtGetDvtd32Info
WdtpInterfacePointer_UserFree
WdtpInterfacePointer_UserMarshal
WdtpInterfacePointer_UserSize
WdtpInterfacePointer_UserUnmarshal
WriteClassStg
WriteClassStm
WriteFmtUserTypeStg
WriteOleStg
WriteStringStream

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

388d7df7e9717fc2a06d5517c371a9e4

Headers

File Characteristics

PDB Paths

Imports

advapi32

gdi32

kernel32

msvcrt

ntdll

rpcrt4

user32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.orpc Size: 24KB - Virtual size: 23KB

.data Size: 25KB - Virtual size: 26KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 52KB - Virtual size: 52KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.orpc
Size: 24KB - Virtual size: 23KB

.data
Size: 25KB - Virtual size: 26KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 52KB - Virtual size: 52KB